We have reached the age where advancements in radio technology make
communicating easy, widespread, and reliable. Now the security of the
communication becomes as important as the communication itself. In this
chapter, we’ll discuss communications security (COMSEC), that is, methods
that keep important communications secure. We’ll also talk about transmission
security (TRANSEC) — schemes that make it difficult for someone
to intercept or interfere with your communications.

COMSEC

COMSEC uses scrambling or cryptographic techniques in order to make information
unintelligible to people who do not have a need to know or who should not know.
We’ll differentiate here between cryptographic or ciphering techniques applied
to digital signals and scrambling techniques applied to analog signals.
Cryptography is the process of encrypting (translating) information into
an apparently random message at the transmitter and then deciphering the
random message by decryption at the receiver.

Historically, sensitive information has been protected through the use
of codes. The sender would manually encode the messages before transmission
and the recipient would manually decode the messages upon receipt. Today’s
electronic technologies allow the coding/decoding process to occur automatically.
The process involves using a mathematical algorithm, coupled with a key,
to translate information from the clear to the encrypted state. If sensitive
information is transmitted without the protection of cryptography and the
information is intercepted, it would require little effort or resources
to understand the transmittal. The US Government has established standards
for the degree of protection required for different levels of classified
and sensitive information.

In voice communications systems that do not
require extremely high security, you can protect against casual eavesdropping
by scrambling. Scrambling, as an analog COMSEC technique, involves separating
the voice signal into a number of audio sub-bands, shifting each sub-band
to a different audio frequency range, and combining the resulting sub-bands
into a composite audio output that modulates the transmitter. A random
pattern controls the frequency shifting. The technique of scrambling the
pattern is similar to sending a message with a decoder ring, like the ones
sometimes found in children’s cereal boxes. You can, for example, designate
that the letter c be ciphered as g, a as n, and t as w, so that when you
receive the message gnw, you decode it as cat. Descrambling occurs at the
receiver by reversing the process. Harris’ Analog Voice Security (AVS)
allows for easy entry into the communications
net because it does not require synchronization with other stations.

In digital encryption the data, which may be digitized voice (as described
in Chapter 5), is reduced to a binary data stream. The cryptographic engine
creates an extremely long, non-repeating binary number stream based on
a traffic encryption key (TEK). The data stream is added to the cryptographic
stream, creating the encrypted data, or cipher text. A binary stream created
in this fashion is inherently unpredictable; it also provides a very secure
method of protecting information. On the other hand, all analog signals
are more predictable and thus less secure. The data encryption strength,
which is the degree of difficulty in determining the message content, is
a function of the complexity of the mathematical algorithm coupled with
the key. The key is a variable that changes the resynchronization of the
mathematical algorithm. Protection of the key is vital. Even if an unwanted
organization gains access to the encrypted information and has the algorithm,
it is still impossible to decrypt the information
without the key. The US Government has developed rigorous key management
procedures to protect, distribute, store, and dispose of keys.

In the past, keys were manually loaded into a cryptographic device by using a paper
tape, magnetic medium, or plug-in transfer device. Creation and secure
delivery of keys to each user were significant problems in both logistics
and record keeping.

One type of key management system also used in the
commercial sector is public key cryptography. Under this standard, each
user generates two keys. One is the public key, “Y,” and the other is the private
key, “X.” The Y value derives from the X value. The strength of such a
system lies in the difficulty of deriving X from Y; what is encrypted with
the Y key can only be decrypted with the X key. By openly disseminating
the user’s public Y key, and retaining sole access to the private X key,
anyone can send a secure message to you by encrypting it with your public
Y key. You are the only one, though, who can decrypt the message, since
only you have the private X key. In a network using this public key system,
two-way secure communications are possible among all network users. This
is called an asymmetrical key system. The alternative is a symmetric key
system, in which the same key encrypts and decrypts data. Because both
the originator and all recipients must have the same keys, this
system offers the highest levels of security. Harris has led the way in
developing state-of-the-art electronic means to secure and distribute key
material for these symmetric key-based communications systems.

A recent development applicable to radio networks employs Over-The-Air-Rekeying
(OTAR). This technique nearly eliminates the need for manual loading of
keys and provides secure key management. OTAR is based upon a benign
key distribution system. It includes a key encryption key (KEK) used to
encrypt the TEK and any other operational COMSEC or TRANSEC keys. This
process is referred to as “wrapping” so as to differentiate it from traffic
encryption. The KEK is the only key that must be initially loaded into
both the sending and receiving units. Usually, an initial set of operational
keys is loaded at the same time. After wrapping, subsequent distribution
can use any physical or electronic means. In an OTAR system, the wrapped
keys are inserted into a message and sent over a radio link to the intended
station using error-free transmission protocols (an error would render
the keys useless). The link used for transmission is usually secured by
the TEK currently in use. Thus, the key material is doubly protected when
sent over the air, practically eliminating any possibility of compromise.

For a higher degree of security, it is common to digitize the voice signal
by means of a vocoder, as mentioned in Chapter 5. The resulting digital
signal is then treated like any data stream.
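
The OTAR exchange described above, as an added example that is not from this handbook or any Harris product: a new TEK is wrapped under the KEK, the wrapped key is then sent over a link protected by the TEK in use, and a single transmission error makes the receiver discard the key. The HMAC-SHA256 keystream-and-tag construction and the names seal, unseal, otar_send and otar_receive are assumptions standing in for a fielded cipher and key-wrap algorithm.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: an assumed stand-in for the cipher engine.
    blocks = (length + 31) // 32
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Add the data stream to the key stream, then tag: nonce || body || tag."""
    nonce = os.urandom(16)  # fresh per message so the key stream never repeats
    stream = _keystream(_prf(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a damaged message is rejected."""
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        raise ValueError("integrity check failed; key material discarded")
    stream = _keystream(_prf(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def otar_send(kek: bytes, current_tek: bytes, new_tek: bytes) -> bytes:
    wrapped = seal(kek, new_tek)        # "wrapping" under the KEK
    return seal(current_tek, wrapped)   # link protection under the TEK in use

def otar_receive(kek: bytes, current_tek: bytes, message: bytes) -> bytes:
    # Peel the link layer first, then unwrap with the preloaded KEK.
    return unseal(kek, unseal(current_tek, message))

if __name__ == "__main__":
    # Constructed sample keys; real keys come from a key generator.
    kek, tek_old, tek_new = os.urandom(32), os.urandom(32), os.urandom(32)
    message = otar_send(kek, tek_old, tek_new)
    print("rekey delivered:", otar_receive(kek, tek_old, message) == tek_new)
```
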

TRANSEC

TRANSEC employs
a number of techniques to prevent signal detection or jamming of the transmission
path. These techniques include hiding the channel or making it a moving
target. Low Probability of Detection (LPD) systems transmit using very
low power or spread the signal over a broad bandwidth so that the natural
noise in the environment masks the signal. A related
strategy, known as Low Probability of Intercept (LPI), involves transmitting
signals in short bursts or over a wide bandwidth to reduce on-the-air
time.

The most commonly used TRANSEC technique is frequency hopping.
In this system, the transmitter frequency changes so rapidly that it is
difficult for anyone not authorized to listen in or to jam the signal.
The receiver is synchronized so that it hops from frequency to frequency
in a predetermined pattern in unison with the transmitter. Frequency hopping
scatters the intelligence over several hundred discrete frequencies. A
radio operator listening to one of these frequencies may hear a short “pop”
of static. A broadband receiver could perhaps capture all of these little
bursts; however, the task of picking these bursts out of the
other natural and man-made bits of noise would be daunting, requiring a
team of experts several hours just to reassemble a short conversation.
Jamming one channel would have minimal impact on the hopping communicator.
To effectively jam a frequency-hopping radio, most or all of the frequencies
that the hopping communicator uses would have to be jammed, thus preventing
the use of those frequencies as well.
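
The synchronized hopping described above, as an added example that is not from this handbook or any Harris radio: both stations derive the same channel for each time slot from a shared TRANSEC key, and the code measures how little of the traffic falls on any one watched or jammed frequency. Deriving the pattern with HMAC-SHA256, the 256-channel set, the 10 ms dwell time and all function names are assumptions for illustration.

```python
import hashlib
import hmac

CHANNELS = 256   # constructed; the text says "several hundred" frequencies
DWELL_MS = 10    # constructed dwell time per hop, in milliseconds

def hop_channel(transec_key: bytes, slot: int, channels: int = CHANNELS) -> int:
    """Channel index for one hop slot, derived from the shared key (assumed scheme)."""
    digest = hmac.new(transec_key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % channels

def hop_sequence(transec_key: bytes, start_ms: int, hops: int,
                 dwell_ms: int = DWELL_MS, channels: int = CHANNELS) -> list:
    """Hop pattern starting at a clock time; synchronized clocks give equal slots."""
    first_slot = start_ms // dwell_ms
    return [hop_channel(transec_key, first_slot + i, channels) for i in range(hops)]

def agreement(seq_a: list, seq_b: list) -> float:
    """Share of slots in which two stations sit on the same channel."""
    return sum(a == b for a, b in zip(seq_a, seq_b)) / len(seq_a)

def fraction_on(sequence: list, watched: set) -> float:
    """Share of hops landing on a watched (monitored or jammed) channel set."""
    return sum(ch in watched for ch in sequence) / len(sequence)

if __name__ == "__main__":
    key = b"constructed-transec-key"          # constructed sample key
    tx = hop_sequence(key, 5_000, 20_000)
    rx = hop_sequence(key, 5_000, 20_000)     # same key, same clock
    other = hop_sequence(b"some-other-key", 5_000, 20_000)
    print("keyed receiver follows:", agreement(tx, rx))
    print("receiver without the key:", agreement(tx, other))
    print("heard on one frequency:", fraction_on(tx, {42}))
    print("hit by jamming half the band:", fraction_on(tx, set(range(CHANNELS // 2))))
```
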

Harris’ AN/PRC-117,
AN/PRC-138, and RF-5000 FALCON transceiver series of products are highly
rated for their frequency-hopping capabilities.

Harris’ RF
Communications Secure Products Line is a preferred supplier of information
security for the US Government and the US Department of Defense. It is
a leader in the development and production of US Government and exportable
security products. The NSA-endorsed WINDSTER Key Generator Module and SKMM
(Standard Key Management Module) line of products has full OTAR capabilities
and meets NSA’s rigorous Commercial COMSEC Endorsement Program requirements.

Harris’ COMSEC/TRANSEC
Integrated Circuit (CTIC) and COMSEC/TRANSEC Integrated Circuit/DS-101
Hybrid (CDH) provide system embedders and US Government customers protection
of highly classified information using state-of-the-art TRANSEC/COMSEC
techniques. The company also provides a comprehensive
line of secure products for the export market.

SUMMARY

• COMSEC uses cryptography or scrambling to make information unintelligible
to people who do not have a need to know or who should not know.

- The security level of a COMSEC system depends on the mathematical soundness
of the algorithms and the number of variables in the key.

- Protection of the key is vital to securing the transmitted information.

- Public key cryptography is widely used in the commercial sector.

• Over-The-Air-Rekeying (OTAR) eliminates the need for manual loading of keys
and provides a more secure method of key management.